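/*
 * Open an LDAP connection to ldap_uri, set up TLS and authenticate.
 *
 * bind_dn/bind_pw - when bind_dn is non-NULL a simple bind with bind_pw is
 *                   performed; bind_pw must then be non-NULL.
 * mech            - SASL mechanism used when bind_dn is NULL: the string
 *                   LDAP_SASL_EXTERNAL selects an EXTERNAL bind, anything
 *                   else (including NULL) selects GSSAPI with bind_princ.
 * ca_cert_file    - handed to ipa_tls_ssl_init() unchanged.
 * _ld             - receives the bound handle on success only; on any
 *                   failure the handle is unbound here and *_ld is untouched.
 *
 * Returns LDAP_SUCCESS, or the LDAP error / option code of the failing step.
 */
static int ipa_ldap_bind(const char *ldap_uri, krb5_principal bind_princ,
                         const char *bind_dn, const char *bind_pw,
                         const char *mech, const char *ca_cert_file,
                         LDAP **_ld)
{
    char *msg = NULL;
    struct berval bv;
    LDAP *ld = NULL;
    int ret;

    /* TODO: support referrals ? */

    ret = ipa_ldap_init(&ld, ldap_uri);
    if (ret != LDAP_SUCCESS) {
        return ret;
    }
    if (ld == NULL) {
        fprintf(stderr, _("Unable to initialize ldap library!\n"));
        return LDAP_OPERATIONS_ERROR;
    }

    /* TLS must be in place before any credentials are sent */
    ret = ipa_tls_ssl_init(ld, ldap_uri, ca_cert_file);
    if (ret != LDAP_OPT_SUCCESS) {
        goto done;
    }

    if (bind_dn) {
        /* strlen(NULL) is undefined behaviour; a DN without a password is a
         * caller error. Note that a zero-length password still yields an
         * unauthenticated bind (RFC 4513 5.1.2) where the server allows it. */
        if (bind_pw == NULL) {
            fprintf(stderr, _("Simple bind requires a password\n"));
            ret = LDAP_PARAM_ERROR;
            goto done;
        }
        bv.bv_val = discard_const(bind_pw);
        bv.bv_len = strlen(bind_pw);

        ret = ldap_sasl_bind_s(ld, bind_dn, LDAP_SASL_SIMPLE, &bv,
                               NULL, NULL, NULL);
        if (ret != LDAP_SUCCESS) {
            fprintf(stderr, _("Simple bind failed\n"));
            goto done;
        }
    } else {
        /* A NULL mech used to be dereferenced by strcmp(); treat it as the
         * default (GSSAPI) mechanism instead. */
        if (mech != NULL && strcmp(mech, LDAP_SASL_EXTERNAL) == 0) {
            ret = ldap_sasl_bind_s(ld, NULL, LDAP_SASL_EXTERNAL,
                                   NULL, NULL, NULL, NULL);
        } else {
            ret = ldap_sasl_interactive_bind_s(ld, NULL, LDAP_SASL_GSSAPI,
                                               NULL, NULL, LDAP_SASL_QUIET,
                                               ldap_sasl_interact, bind_princ);
        }
        if (ret != LDAP_SUCCESS) {
#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
            ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
#endif
            fprintf(stderr, "SASL Bind failed %s (%d) %s!\n",
                    ldap_err2string(ret), ret, msg ? msg : "");
#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
            /* ldap_get_option() returns an allocated copy that we own */
            ldap_memfree(msg);
            msg = NULL;
#endif
            goto done;
        }
    }

    ret = LDAP_SUCCESS;

done:
    if (ret != LDAP_SUCCESS) {
        /* never hand back a half-initialised or unauthenticated handle */
        if (ld) ldap_unbind_ext(ld, NULL, NULL);
    } else {
        *_ld = ld;
    }
    return ret;
}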
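/*
 * Connect to server_name and authenticate.
 *
 * With a bind_dn the connection uses ldaps on port 636 with TLS_HARD
 * (certificate verified against ca_cert_file, a variable from the enclosing
 * file scope) and performs a simple bind with bind_pw, which must be
 * non-NULL. Without a bind_dn the connection uses plain ldap on port 389
 * and a GSSAPI SASL bind as bind_princ.
 *
 * _ld receives the bound handle on success only; on failure the handle is
 * unbound here and *_ld is untouched.
 *
 * Returns LDAP_SUCCESS, or the LDAP error / option code of the failing step.
 */
static int ipa_ldap_bind(const char *server_name, krb5_principal bind_princ,
                         const char *bind_dn, const char *bind_pw, LDAP **_ld)
{
    char *msg = NULL;
    struct berval bv;
    int version;
    LDAP *ld = NULL;
    int ssl;
    int ret;

    /* TODO: support referrals ? */

    if (bind_dn) {
        /* CA file is a library-global option, so it is set before init */
        ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ca_cert_file);
        if (ret != LDAP_OPT_SUCCESS) {
            fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS_CACERTFILE\n"));
            return ret;
        }

        ret = ipa_ldap_init(&ld, "ldaps", server_name, 636);
        if (ret != LDAP_SUCCESS) {
            fprintf(stderr, _("Unable to init for ldaps(636) connection\n"));
            return ret;
        }

        /* TLS_HARD: the bind is refused unless the server certificate
         * verifies, so the password below never goes out unprotected */
        ssl = LDAP_OPT_X_TLS_HARD;
        ret = ldap_set_option(ld, LDAP_OPT_X_TLS, &ssl);
        if (ret != LDAP_OPT_SUCCESS) {
            fprintf(stderr, _("Unable to set LDAP_OPT_X_TLS\n"));
            goto done;
        }
    } else {
        ret = ipa_ldap_init(&ld, "ldap", server_name, 389);
        if (ret != LDAP_SUCCESS) {
            fprintf(stderr, _("Unable to init for ldap(389) connection\n"));
            return ret;
        }
    }

    if (ld == NULL) {
        fprintf(stderr, _("Unable to initialize ldap library!\n"));
        return LDAP_OPERATIONS_ERROR;
    }

#ifdef LDAP_OPT_X_SASL_NOCANON
    /* Don't do DNS canonicalization */
    ret = ldap_set_option(ld, LDAP_OPT_X_SASL_NOCANON, LDAP_OPT_ON);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Unable to set LDAP_OPT_X_SASL_NOCANON\n"));
        goto done;
    }
#endif

    version = LDAP_VERSION3;
    ret = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    if (ret != LDAP_SUCCESS) {
        fprintf(stderr, _("Unable to set LDAP_OPT_PROTOCOL_VERSION\n"));
        goto done;
    }

    if (bind_dn) {
        /* strlen(NULL) is undefined behaviour; a DN without a password is a
         * caller error. Note that a zero-length password still yields an
         * unauthenticated bind (RFC 4513 5.1.2) where the server allows it. */
        if (bind_pw == NULL) {
            fprintf(stderr, _("Simple bind requires a password\n"));
            ret = LDAP_PARAM_ERROR;
            goto done;
        }
        bv.bv_val = discard_const(bind_pw);
        bv.bv_len = strlen(bind_pw);

        ret = ldap_sasl_bind_s(ld, bind_dn, LDAP_SASL_SIMPLE, &bv,
                               NULL, NULL, NULL);
        if (ret != LDAP_SUCCESS) {
            fprintf(stderr, _("Simple bind failed\n"));
            goto done;
        }
    } else {
        ret = ldap_sasl_interactive_bind_s(ld, NULL, "GSSAPI",
                                           NULL, NULL, LDAP_SASL_QUIET,
                                           ldap_sasl_interact, bind_princ);
        if (ret != LDAP_SUCCESS) {
#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
            ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void*)&msg);
#endif
            fprintf(stderr, "SASL Bind failed %s (%d) %s!\n",
                    ldap_err2string(ret), ret, msg ? msg : "");
#ifdef LDAP_OPT_DIAGNOSTIC_MESSAGE
            /* ldap_get_option() returns an allocated copy that we own */
            ldap_memfree(msg);
            msg = NULL;
#endif
            goto done;
        }
    }

    ret = LDAP_SUCCESS;

done:
    if (ret != LDAP_SUCCESS) {
        /* never hand back a half-initialised or unauthenticated handle */
        if (ld) ldap_unbind_ext(ld, NULL, NULL);
    } else {
        *_ld = ld;
    }
    return ret;
}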